Lawmakers express optimism, concerns over White House cybersecurity plan

Members of the Senate Homeland Security Committee praised the Obama administration's recently released cybersecurity proposal during a Monday hearing, but expressed concern about some remaining differences between the approaches of the White House and lawmakers on Capitol Hill.

Committee Chairman Joe Lieberman, I-Conn., said he was pleased with much of the White House Cyberspace Policy Review released last week. Unless Congress acts, he said, the Internet will devolve into a "digital Dodge City."

The White House is correct in assigning cybersecurity authority to the Department of Homeland Security, said Lieberman, who has proposed cybersecurity legislation along with Homeland Security ranking member Susan Collins, R-Maine, and Sen. Tom Carper, D-Del. Lieberman also praised the policy's call for public/private partnerships to reduce cyber threats.

However, the chairman stuck by his call to establish a White House "Office of Cyberspace Policy" led by a Senate-confirmed official, something the White House plan does not call for. Currently, Howard Schmidt is White House cybersecurity coordinator; Lieberman, however, said that cyber threats deserve the attention of an official accountable to Congress.

Collins also praised the White House for wading into cybersecurity.

"Experts tell me that the cyber arena is where the biggest gap exists between the threat level and our preparedness," she said. "Unfortunately, the government's overall approach to cybersecurity has been disjointed and uncoordinated."

Collins said the administration's legislative proposals largely mirror those in the bill she wrote with Lieberman and Carper, but she asked for more details about what powers the president has to control parts of the Internet in case of a large cyber attack.

"Our current bill has explicit provisions preventing the president from shutting down the Internet," she said. "By contrast, the administration appears to rely on outmoded, yet potentially sweeping authorities granted in the Communications Act of 1934."

Witnesses at the hearing, including outgoing Homeland Security Deputy Under Secretary Philip Reitinger and Jason Chipman of the Justice Department, admitted the current laws were written with older technologies in mind. "It merits discussion," Chipman said.

The response to cyber threats will be ongoing, said Reitinger, who announced last week that he is leaving the top cybersecurity spot at DHS. "This is not a game that we're going to win. It is a game that we're going to get better at, but it's never going to be done," he said.

Lawmakers on the panel also expressed concern that the White House proposal doesn't include liability protection for companies as an incentive to maintain security standards or any strategy to protect federal supply chains.

Despite the concerns, Lieberman said he is optimistic that any differences can be overcome, and Carper said that he thinks this year's cybersecurity legislation has a good shot at becoming law.

"As my colleagues are aware, it's proven difficult so far this year to find bipartisan consensus on many issues here in the Senate," Carper said. "I have a feeling, however, that it might very well be possible to work across the aisle like we did after 9/11 to address the serious security challenges we face as a country."